The Vundo virus sends the personal information stored on the computer it infects to remote servers, resulting in information theft. Also known as Virtumondo, the virus becomes active once it has integrated itself into the system.

Files it creates on your computer:

Entries it adds to the Registry:
August 15th, 2009
admin